[html5] r7862 - [e] (0) Provide a hook for CSP. Affected topics: HTML
whatwg at whatwg.org
whatwg at whatwg.org
Mon Apr 29 21:07:35 PDT 2013
Author: ianh
Date: 2013-04-29 21:07:34 -0700 (Mon, 29 Apr 2013)
New Revision: 7862
Modified:
complete.html
index
source
Log:
[e] (0) Provide a hook for CSP.
Affected topics: HTML
Modified: complete.html
===================================================================
--- complete.html 2013-04-30 03:48:23 UTC (rev 7861)
+++ complete.html 2013-04-30 04:07:34 UTC (rev 7862)
@@ -67523,14 +67523,19 @@
<p>When a resource that requires an external resource to be rendered is to be loaded in a
<a href=#browsing-context>browsing context</a>, the user agent should <a href=#create-a-document-object>create a <code>Document</code>
- object</a>, mark it as being an <a href=#html-documents title="HTML documents">HTML document</a>, set its
- <a href=#concept-document-content-type title=concept-document-content-type>content type</a> to the sniffed MIME type of the
- resource (<var title="">type</var> in the <a href=#navigate>navigate</a> algorithm), append an
- <code><a href=#the-html-element>html</a></code> element to the <code><a href=#document>Document</a></code>, append a <code><a href=#the-head-element>head</a></code> element and a
- <code><a href=#the-body-element>body</a></code> element to the <code><a href=#the-html-element>html</a></code> element, append an <code><a href=#the-embed-element>embed</a></code> to the
- <code><a href=#the-body-element>body</a></code> element, and set the <code title=attr-embed-src><a href=#attr-embed-src>src</a></code> attribute of the
- <code><a href=#the-embed-element>embed</a></code> element to the address of the resource.</p>
+ object</a>, mark it as being an <a href=#html-documents title="HTML documents">HTML document</a> and mark it
+ as being a <dfn id=plugin-document>plugin document</dfn>, set its <a href=#concept-document-content-type title=concept-document-content-type>content
+ type</a> to the sniffed MIME type of the resource (<var title="">type</var> in the
+ <a href=#navigate>navigate</a> algorithm), append an <code><a href=#the-html-element>html</a></code> element to the
+ <code><a href=#document>Document</a></code>, append a <code><a href=#the-head-element>head</a></code> element and a <code><a href=#the-body-element>body</a></code> element to the
+ <code><a href=#the-html-element>html</a></code> element, append an <code><a href=#the-embed-element>embed</a></code> to the <code><a href=#the-body-element>body</a></code> element, and set
+ the <code title=attr-embed-src><a href=#attr-embed-src>src</a></code> attribute of the <code><a href=#the-embed-element>embed</a></code> element to the
+ address of the resource.</p>
+ <p class=note>The term <a href=#plugin-document>plugin document</a> is used by the Content Security Policy
+ specification as part of the mechanism that ensures <code><a href=#the-iframe-element>iframe</a></code>s can't be used to evade
+ <code title="">plugin-types</code> directives. <a href=#refsCSP>[CSP]</a></p>
+
<!-- next three paragraphs are similar to the navigate-text section, keep them in sync -->
<p>Then, the user agent must act as if it had <a href=#stop-parsing title="stop parsing">stopped
Modified: index
===================================================================
--- index 2013-04-30 03:48:23 UTC (rev 7861)
+++ index 2013-04-30 04:07:34 UTC (rev 7862)
@@ -67523,14 +67523,19 @@
<p>When a resource that requires an external resource to be rendered is to be loaded in a
<a href=#browsing-context>browsing context</a>, the user agent should <a href=#create-a-document-object>create a <code>Document</code>
- object</a>, mark it as being an <a href=#html-documents title="HTML documents">HTML document</a>, set its
- <a href=#concept-document-content-type title=concept-document-content-type>content type</a> to the sniffed MIME type of the
- resource (<var title="">type</var> in the <a href=#navigate>navigate</a> algorithm), append an
- <code><a href=#the-html-element>html</a></code> element to the <code><a href=#document>Document</a></code>, append a <code><a href=#the-head-element>head</a></code> element and a
- <code><a href=#the-body-element>body</a></code> element to the <code><a href=#the-html-element>html</a></code> element, append an <code><a href=#the-embed-element>embed</a></code> to the
- <code><a href=#the-body-element>body</a></code> element, and set the <code title=attr-embed-src><a href=#attr-embed-src>src</a></code> attribute of the
- <code><a href=#the-embed-element>embed</a></code> element to the address of the resource.</p>
+ object</a>, mark it as being an <a href=#html-documents title="HTML documents">HTML document</a> and mark it
+ as being a <dfn id=plugin-document>plugin document</dfn>, set its <a href=#concept-document-content-type title=concept-document-content-type>content
+ type</a> to the sniffed MIME type of the resource (<var title="">type</var> in the
+ <a href=#navigate>navigate</a> algorithm), append an <code><a href=#the-html-element>html</a></code> element to the
+ <code><a href=#document>Document</a></code>, append a <code><a href=#the-head-element>head</a></code> element and a <code><a href=#the-body-element>body</a></code> element to the
+ <code><a href=#the-html-element>html</a></code> element, append an <code><a href=#the-embed-element>embed</a></code> to the <code><a href=#the-body-element>body</a></code> element, and set
+ the <code title=attr-embed-src><a href=#attr-embed-src>src</a></code> attribute of the <code><a href=#the-embed-element>embed</a></code> element to the
+ address of the resource.</p>
+ <p class=note>The term <a href=#plugin-document>plugin document</a> is used by the Content Security Policy
+ specification as part of the mechanism that ensures <code><a href=#the-iframe-element>iframe</a></code>s can't be used to evade
+ <code title="">plugin-types</code> directives. <a href=#refsCSP>[CSP]</a></p>
+
<!-- next three paragraphs are similar to the navigate-text section, keep them in sync -->
<p>Then, the user agent must act as if it had <a href=#stop-parsing title="stop parsing">stopped
Modified: source
===================================================================
--- source 2013-04-30 03:48:23 UTC (rev 7861)
+++ source 2013-04-30 04:07:34 UTC (rev 7862)
@@ -75534,14 +75534,19 @@
<p>When a resource that requires an external resource to be rendered is to be loaded in a
<span>browsing context</span>, the user agent should <span>create a <code>Document</code>
- object</span>, mark it as being an <span title="HTML documents">HTML document</span>, set its
- <span title="concept-document-content-type">content type</span> to the sniffed MIME type of the
- resource (<var title="">type</var> in the <span>navigate</span> algorithm), append an
- <code>html</code> element to the <code>Document</code>, append a <code>head</code> element and a
- <code>body</code> element to the <code>html</code> element, append an <code>embed</code> to the
- <code>body</code> element, and set the <code title="attr-embed-src">src</code> attribute of the
- <code>embed</code> element to the address of the resource.</p>
+ object</span>, mark it as being an <span title="HTML documents">HTML document</span> and mark it
+ as being a <dfn>plugin document</dfn>, set its <span title="concept-document-content-type">content
+ type</span> to the sniffed MIME type of the resource (<var title="">type</var> in the
+ <span>navigate</span> algorithm), append an <code>html</code> element to the
+ <code>Document</code>, append a <code>head</code> element and a <code>body</code> element to the
+ <code>html</code> element, append an <code>embed</code> to the <code>body</code> element, and set
+ the <code title="attr-embed-src">src</code> attribute of the <code>embed</code> element to the
+ address of the resource.</p>
+ <p class="note">The term <span>plugin document</span> is used by the Content Security Policy
+ specification as part of the mechanism that ensures <code>iframe</code>s can't be used to evade
+ <code title="">plugin-types</code> directives. <a href="#refsCSP">[CSP]</a></p>
+
<!-- next three paragraphs are similar to the navigate-text section, keep them in sync -->
<p>Then, the user agent must act as if it had <span title="stop parsing">stopped
More information about the Commit-Watchers
mailing list